This command can be run only once successfully. Subsequent attempts
will result in an error unless the existing key is deleted.

This new tnsr-updates key object contains the private key, which is secret,
and a public key, which is included in the certificate.

The same key pair can be used as the basis for multiple certificate signing
requests. If a certificate expires, is accidentally deleted, or needs to be
replaced for any other reason other than the keys being compromised, generate a
new signing request using the existing key pair.